Dr.Web Released Windows and Other Virus Threats of December 2009
OREANDA-NEWS. January 12, 2010. Trends of previous months continued to develop in December 2009 where ransomware accounted for a greater part of viral traffic. A large number of Trojans and web-sites were created by cybe-criminals to extort money from users.
Windows blockers
Numerous modifications of Windows blockers featuring new counter-analysis tehcnologies emerged in December. Under the Dr.Web classification such programs are named as Trojan.Winlock. In recent months these programs have become the main tool for extracting money in Russian and
Active Trojans of this class prevent launching of utilities used for analysis and may force a system shutdown. They also create numerous copies of themselves in Windows system folders to make manual removal of the malware from the system more difficult. The name of the Trojan process also differs from the name of the malicious executable file.
Trojans via e-mail
Spam remains one of the main channels for distribution of malware.
In December 2009 various modifications of Trojan.PWS.Panda were spread as VISA card transaction reports or as Facebook account passwords.
Such malicious programs as Trojan.NtRootKit.3226 and modifications of Trojan.Packed were delivered to users as “compromising photos” while Trojan.Botnetlog arrived at user machines as document from DHL.
Audio spam
December saw several types of spam mailings with attached audio files. As a rule such files are provided in the mp3 format and have a low bit rate (16 Kbit/s).
Messages with audio attachments advertised e-stores and healthcare products – an audio file contained a an address of the advertised web-site. Mailings that aimed to draw users into participating in pyramid schemes provided mp3 files larger than 6 MB with approximately sixty minutes length of a lecture.
From 2009 into 2010
In 2009 virus makers tended to focus on acquiring funds of users – an easy prey when large numbers of people follow links supposedly from credible organizations or friends, download programs serving different puporses. Criminals made money transfer demands appear in browser windows, on top of all other windows or right on a desktop. Traditional virus spreading channels — e-mail and instant messengers – were used along with new ones such as social networking web-sites and blogs.
The trend when cyber criminals target users of a wide range of operating systems and browsers simultaneously will most likely persist in
The number of malicious programs found in e-mail traffic in December increased 2.8 times compared to the November figures. The share of malicious files in the total number of files scanned on user machines increased 2.2 times. Cyber criminals raise the amount of money demanded from users for restoring their systems.
Комментарии